Posts Tagged: best practices

Path & Address Book Privacy

Vic Gundotra today shared via Google+ the report below, which found that the Path iOS app uploads each user’s entire address book to the Path servers without first notifying users or otherwise asking permission.

http://mclov.in/2012/02/08/path-uploads-your-entire-address-book-to-their-servers.html

 

How Path Works

Dave Morin, the CEO of Path, was quick to comment on the report and explained this behavior, citing the reason below:

“We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and family join Path. Nothing more.”

 

Regardless of the reason, this is in clear violation of at least rule 17.2 of Apple’s App Store Review Guidelines and possibly rule 17.1, depending on your definition of “user data”.

Matt Gemmell, directly beneath Dave Morin’s comment, offers a proactive solution to the issue: hashing the data prior to upload. It neatly skirts around Apple’s rules, protects the user’s privacy and still accomplishes the task at hand with zero server-side performance impact. Hashing transforms the private data into a stream of garbage data that is unique for each data entry. It allows Path to go on matching contacts without knowing who those contacts are.
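The hash-before-upload matching described above, as an added example (not Path's or Matt Gemmell's code). The normalization rules, the `MatchServer` class and the sample contacts are assumptions constructed for illustration.

```python
import hashlib
import re

def normalize(kind: str, value: str) -> str:
    """Canonical form so the same contact always yields the same digest."""
    if kind == "email":
        return value.strip().lower()
    digits = re.sub(r"\D", "", value)      # phone: keep digits only
    if len(digits) == 10:                  # assumption: bare 10-digit numbers are +1
        digits = "1" + digits
    return "+" + digits

def contact_digest(kind: str, value: str) -> str:
    # The kind prefix keeps an email and a phone number from ever colliding.
    canon = f"{kind}:{normalize(kind, value)}"
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def digests_for_upload(address_book):
    """Client side: only digests leave the device, never names or raw values."""
    return {contact_digest(kind, value) for kind, value in address_book}

class MatchServer:
    """Hypothetical server: indexes members by the digest of their own identifier."""
    def __init__(self):
        self._by_digest = {}

    def register(self, user_id, kind, value):
        self._by_digest[contact_digest(kind, value)] = user_id

    def find_friends(self, uploaded_digests):
        return sorted(self._by_digest[d] for d in uploaded_digests
                      if d in self._by_digest)

# Caveat: phone numbers and email addresses come from a small, guessable space,
# so a plain digest can be recovered by hashing candidate values. Hashing limits
# what sits on the server in the clear; it does not make the upload anonymous.

# Constructed sample data.
SERVER = MatchServer()
SERVER.register("alice", "email", "alice@example.com")
SERVER.register("bob", "phone", "+1 (555) 010-0199")
ADDRESS_BOOK = [("email", " Alice@Example.com "), ("phone", "555-010-0199"),
                ("email", "carol@example.net")]

if __name__ == "__main__":
    print(SERVER.find_friends(digests_for_upload(ADDRESS_BOOK)))
```

Matching only works if client and server normalize identically, which is why the canonical form is computed in one shared function.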

 

Going Forward

What concerns me about all of this is that this solution is so trivial (any developer who understands one-way hashing can do it) that Path should have implemented it right the first time (had they cared enough to do so).

I want to give Dave Morin and his company the benefit of the doubt here but it’s a bit hard.  I don’t think the security and privacy of Path’s users is a topic with which they are concerned.  There are simply too many mistakes here to think otherwise.  Everybody who follows my blog knows how I feel about privacy matters and usually I would advocate immediately removing the Path app until the issue is resolved but in this case it will do little good.  The damage, as they say, is done.  The best recourse is perhaps to report this issue to Apple instead.

Many companies violate user privacy, until they get caught, and they need to be taken to task lest this negligent behavior become even more widespread.

 

Path should consider itself lucky that a sole individual discovered this issue just by poking around, and that it did not come to light because their servers were hacked and every user’s private data they house leaked into the wrong hands. That is still a possibility until they rectify the issue.

Choosing a Safe Password

A lot of opinions about what makes a password strong have been thrown about lately.  Unfortunately, a lot of them are wrong.

If you only take away one thing from this article let it be this…  Don’t believe everything you read about password best practices.  Today I’m going to dispel some of these myths and I want to tackle 2 approaches in particular that concern me.

 

Correct Horse Battery Staple – http://xkcd.com/936/

This comic has been linked to a lot since its release and at least gets points for trying. The only problem with it, however, is that it relies on common dictionary words. According to Oxford Dictionary there are 171,476 words in current use in the English language. If we were to assign a unique number to each of these 171,476 words and use a 4-word combination of them, we’d end up with a truly staggering number of combinations to exhaust! Problem solved, right?

No. The average English-speaking person can’t even spell “hippopotamus” correctly and is limited to a vocabulary of 25,000~50,000 words (this number varies depending on demographics, education level etc… and is still disputed). And of these, most people limit themselves further to words dealing with their daily lives: “coffee”, “office”, “stapler”, “fire” and other equally common words. That is, if they are not completely lazy and go with “password123”.

What we end up with is maybe 500 highly common words that would form the pool from which to construct such pass phrases. 500 words in 4-word combinations is just under 62.5 trillion combinations. Sounds great, right? “My little brother will have to pass the work on to his grandson before my password will be discovered!” I hear you say. Except with a technique called brute force searching, 62.5 trillion combinations can be searched in significantly less time. In fact, the more patterns a hacker can discern from your word choice, the smaller the search space becomes, and the process speeds up accordingly.

Furthermore this approach does not scale.  There are only so many nonsensical word combinations a person can remember.  After a while they begin to diverge and soon you can’t tell if it was “house ball sky dog”, “ball cucumber torch pin”, or “house pin sky torch”.

 

Memorable Passwords – http://lifehacker.com/184773/geek-to-live–choose-and-remember-great-passwords

First let me say that I have a tremendous amount of respect for Gina Trapani.  But this time I’m afraid she is wrong.  Why?  Again, patterns.

What makes the password memorization technique she advocates easy for you to use makes it equally insecure against hackers who anticipate that you’ll follow her advice. Using public knowledge like a spouse’s name or your anniversary date is questionable at best. If I know you, chances are I know your spouse. Even if I don’t know you, I can dig through your trash and find out.

The only way this excels compared to the XKCD approach is that it’s easier to associate a password with a web site because there is an underlying pattern uniting them (not that this is a good thing, remember). It’s just harder to get confused.

 

What Makes A Password Safe?

The short answer: randomness.

The long answer:

  • Don’t use patterns.
  • Use nonsensical words or sensical ones, whatever you like.  Don’t follow a rule.
  • When possible, don’t limit yourself in how you choose your passwords.
  • Use numbers, punctuation, spaces and even Kanji characters if you feel like, or don’t.
  • Go short or go long.  The choice is up to you.

Remember, from whom are you trying to keep your password safe? Your nosy siblings and coworkers? Or somebody more nefarious like a hacker? Your password is only as safe as it is unknown to people who would attempt to discover it. Understanding the tools and knowledge they possess, as discussed above, should demonstrate why just about all the advice flying around out there is flat-out wrong.
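To make "randomness" concrete, here is an added example (not from the original post) that draws passwords and pass phrases from the operating system's CSPRNG and measures search space in bits. The 500-word and 171,476-word pools are the figures used earlier in this post; the function names and the 94-symbol alphabet are assumptions.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 printable symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def random_password(length: int = 12, alphabet: str = ALPHABET) -> str:
    """Each character is an independent, uniform pick: no pattern to exploit."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_passphrase(words, count: int = 4, sep: str = " ") -> str:
    """Word-based variant; only as strong as the pool the machine picks from."""
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(pool_size: int, picks: int) -> float:
    """log2 of the search space, valid only for uniform random picks.
    A person choosing 'memorable' words shrinks the effective pool."""
    return picks * math.log2(pool_size)

def picks_needed(pool_size: int, target_bits: float) -> int:
    """How many uniform picks from a pool are needed to reach target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))

def compare() -> dict:
    """Search space, in bits, for the scenarios discussed in this post."""
    return {
        "4 words, 171,476-word dictionary": entropy_bits(171_476, 4),
        "4 words, 500 everyday words": entropy_bits(500, 4),
        "8 random characters, 94 symbols": entropy_bits(len(ALPHABET), 8),
    }

if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label}: {bits:.1f} bits")
    print("random password:", random_password(8))
    # Constructed word pool, using the everyday words quoted in this post.
    print("random passphrase:",
          random_passphrase(["coffee", "office", "stapler", "fire"]))
```

Every extra bit doubles the work of an exhaustive search, so the gap between the 500-word pool and eight random characters is far larger than the raw numbers suggest at first glance.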

 

 

But It’s Still Too Hard To Remember “e$-UqPs3”

That IS hard to remember, there’s no contesting that.  But again, what makes it hard for you to remember makes it more secure.  A hacker is still going to pull out the brute force search here and will perhaps arrive at your password.  However this password is stronger if for no other reason than it has no discernible patterns.

Moreover, if you occasionally change your password it becomes a moving target.  By the time the hacker finds your password, you’ve already moved on to a new one!

How should you remember this password? Don’t. There’s an iPhone app for that! All you need to do with this app is create one memorable login password behind which all your hard-to-remember passwords are protected. This memorable login password is hashed with an algorithm called BCrypt, which is extremely resilient against brute force attacks because it takes an inordinate amount of time to process each password. So even if you lose your iPhone, the likelihood of your login password being discovered is near zero.

 

There is no magical solution that will result in memorable and safe passwords.  But we can up the ante against hackers by equipping ourselves with the tools and discipline to combat theirs.

How to Keep Passwords Secret

Not like this…

[Image: Password on paper for all to see]

If you do this, you deserve to have your account hacked.